Apr200913

Mark Wilcox surveys the VRM proposition and has a suggestion for handling one of its technical needs. Here are some thoughts in response to his. (I had some trouble getting my comment to “stick” on Mark’s site, hence the posting here instead.)

I would say that one of the requirements of VRM is providing an individual with a convenient way to update his volatile data at the many sites that (legitimately) need accurate data about him to provide valuable online service. Convenience means, for one thing, not forcing the individual to be personally present for each transfer, and this then suggests that automation would be a good thing. This need for automation, which is a small but vital part of the VRM picture, can also be seen as an instance of the larger problem in IdMland of getting data just in time, directly from an authoritative source, with the user’s permission but through a back channel.

I think Mark is probably onto something in terms of how a CRM system has to deal with indirection where it once merely had to store some information by value. Note that there are lots of ways to accomplish this, and some of them are routinely done today in IdM contexts.

For example, the Liberty identity web services framework (ID-WSF) involves web service providers (WSPs) that accept requests from authorized web service consumers for data. By default this is all SOAP-based (though there’s interesting work going on to RESTify it). It’s got a sophisticated notion of a Discovery Service for fielding and routing requests.

By contrast, the Mine! work and ProtectServe both take explicitly web-friendly and RESTful approaches, with data feeds being accessed through URLs rather than XML request/response messages being traded by web service endpoints.

OAuth can be seen as an automation option as well, in that it enables services to become consumers of the output of other services on a user’s say-so. (ProtectServe is an extension/application of OAuth.) And this isn’t even a complete list of technologies that address this goal. The architectural choices run the gamut from push to pull, and include even hybrids/abstractions that are somewhere in the middle.

It will be good to get Mark’s further thoughts (and research from within Oracle) on how CRM systems can begin enabling VRM goals. Of course, the $64,000 question is more about business model shifts than technology shifts…